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MEMORANDUM FOR: Director of Central Intelligence 


VIA: Deputy Director for Administration 
General Counsel 
Director of Logistics 
Director of Security 


FROM: Bruce T. Johnson 

Director of Data Processing 
SUBJECT: Federal Information Processing Standards (FIPS) 
REFERENCE: Letter from the DDA, Mr. Don Wortman, to the 


Assistant Secretary for Productivity, Technology 
and Innovation, Department of Commerce, 
Dr. Jordan J. Baruch, dtd. 4 November 1980 


1. Action Requested: Paragraph 6 is a recommendation 
that you sign the attached letter to the Secretary of Commerce 
requesting that independent authority to waive Federal 
Information Processing Standards (FIPS) be delegated to you or 
your designee. 


2. Background: Federal Information Processing Standards 
(FIPS) are promulgated by the Department of Commerce under the 
provisions of Public Law 89-306 (the Brooks Act) and Part 6 of 
Title 15 Code of Federal Regulations. These standards are 
prescribed for Federal agencies in the acquisition, development, 
and use of automatic data processing (ADP) systems and in the 
interchange of data between and among agencies and with the 
public. The use of such standards, which are adopted after 
review by Federal agencies, industry, and the public, is intended 
to reduce Government costs and improve the effectiveness of ADP 
services. We are supportive of a well-managed Federal ADP 
standards program. However, the unique nature of intelligence, 
with its concomitant security concerns, causes us special 
problems with respect to the open procedures surrounding the FIPS 
program. 
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SUBJECT: Federal Information Processing Standards (FIPS) 


3. Each FIPS standard has associated with it a waiver 
procedure, whereby, if adverse economic or operational impact can 
be demonstrated, an agency may utilize equipment or software that 
does not conform to the standard. Authority to waive these 
standards resides, depending on the standard, with the Department 
of Commerce or the agency head. (Even those standards where the 
waiver authority resides with the agency head still require 
"coordination in advance" with the Department.) Heretofore, we 
have not made any formal waiver requests. As the standards 
program has become more active and increased in scope, we find 
that full conformance with existing standards is not, in our 
judgment, in the Agency's interest. In the future, we will 
require occasional waivers and, therefore, we are concerned about 
the security implications of FIPS waiver procedures. These 
procedures generally will require sensitive information on Agency 
ADP systems be shared with the Department of Commerce. We have 
described our security concerns in more detail in the attached 
letter to the Secretary of Commerce. 


4, Our concern with the FIPS waiver procedures is not 
hypothetical. For example, we have a near-term problem with FIPS 
60-63, which deal with input/output interface standards and would 
deny us use of some new mass storage (disk drive) technology 
vital to our ADP programs. We believe we have a strong case for 
a waiver from FIPS 60-63. However, the existing waiver 
procedures for FIPS 60-63 require approval of the waiver request 
by the Secretary of Commerce. We are reluctant to make our case 
through these existing procedures because of the precedent A 
sets and the security implications of having another department 
in our ADP procurement process. Again, our concern is with all 
FIPS and not just FIPS 60-63. 


5. The Secretary of Commerce, under the previous 
administration, delegated certain FIPS authority to the former 
Assistant Secretary for Productivity, Technology and Innovation, 
Dr. Jordan J. Baruch. On 5 November 1980, our former Deputy 
Director for Administration, Don Wortman, sent a letter to 
Dr. Baruch requesting a general delegation of FIPS waiver 
authority to the DCI. The letter (reference) outlined our 
security rationale for requesting such a delegation. Three 
months have elapsed and we have had no formal response. The 
informal response is that Commerce is taking action to delegate 
waiver authority, pertaining specifically to FIPS 60-63, to the 
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SUBJECT: Federal Information Processing Standards (FIPS) 


heads of all agencies. We welcome this move, but unfortunately 
it will not be timely enough for our immediate procurement 
needs. Such a delegation will require a minimum of three and 
more realistically six months to implement and even then it will 
address only FIPS 60-63, not other current or future FIPS. A 
timely response from the Secretary of Commerce to the attached 
waiver delegation request would overcome these drawbacks. 


6. Recommendation: We recommend that you send the attached 
letter to the Secretary of Commerce reiterating our previous 
unanswered request for a delegation of independent authority to 
you or your designee to grant waivers to Federal Information 
Processing Standards (FIPS). 


Bruce T. nson 


Attachment: 
Letter to the Secretary of Commerce 
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